Any files (which are write enabled) could be removed from the victim’s computer. All it takes is to lure the user to a prepared website.

An interesting side-note, from kuchikir on the Project Zero site says that earlier versions of uTorrent are just fine. Versions from 3.0 onward (according to his/her tests) are vulnerable:

The torrenting community largely eschews 3.0+ because the only apparent work post-2.2.1 has been to add advertisements, bloating 2.2.1’s 391KB of torrenting perfection into a 1MB+ monstrosity. The last meaningful exploit that wasn’t introduced by these 3.x additions was fixed in version 1.6.1, which was released in 2007. 1.6.1, 1.8.5, 2.0.4, and 2.2.1 are all recommended clients for this nearly unparalleled level of security to go with their stability and performance.